You could src-address=10.2.3.0/24 if that's what you're asking? What ingoing interface did you try? Is it part of a bridge? Why are you specifying the output chain???
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Sep 13, 2011 at 4:35 PM, Bill Prince < [email protected]> wrote: > Hrrmmmm. > > Setting up to do masquerade on just the interface this AP is on does not > work. It says "ingoing interface matching not possible in output and > postrouting chains". > > So what do I do to just NAT for this group of subs? Is it possible to > match the source address from this subnet? > > > > bp > > > > On 9/9/2011 5:17 PM, Bill Prince wrote: > >> Well, the old AP is on ether2, and all the old SMs are there too and on >> the /26 subnet. >> >> The new AP is on ether7, and the new SMs will not talk to the old AP. So >> they will have to go somewhere, and I don't have enough spare IP addresses >> to just plunk down a new subnet on the new AP. >> >> We're in the midst of getting a block of IPs from ARIN, and I don't think >> I will get the addresses before the AP/SM switch happens. >> >> Just doing a NAT for the new guys until the switch is over might make the >> most sense... >> >> bp >> >> >> On 9/9/2011 4:21 PM, Scott Reed wrote: >> >>> You can not have 2 ports on the same device in the same subnet. It won't >>> know which to use. >>> But, with what you are saying, why can't you just split the /26 into 2 >>> /27s and be done? >>> Here is maybe the thing that is getting you. If you split the /26 into 2 >>> /27s and put them on separate interfaces on the router, the router is happy. >>> The clients can still have /27, PROVIDED their default gateway is the same >>> half the subnet they are in. The clients can not talk to each other because >>> they think they don't need to route. If the clients don't need to talk, >>> this should be fairly easy. >>> >>> On 9/9/2011 6:45 PM, Bill Prince wrote: >>> >>>> My thinking was that all the lower addresses (1-30) will be in the /26, >>>> and all the upper addresses (33-62) will be in the /27. Once they're >>>> moved, >>>> then I can go back and switch all the lowers to a /27. >>>> >>>> This will all be on the same router (RB493). The /26 is on ether 2, and >>>> the /27 will be on ether 7. While I'm switching all the folks that need to >>>> go over to the new AP (which is on ether 7), I will have ether 2 configured >>>> as the master for ether 7 (the old AP is on ether 2). >>>> >>>> Actually, now that I think about it, it should only take me about 15 or >>>> 20 minutes to make both /27 subnets and just switch everyone enmass... >>>> >>>> bp >>>> >>>> >>>> On 9/9/2011 3:13 PM, Scott Reed wrote: >>>> >>>>> Routing will be a problem. >>>>> How are you going to tell a router customer .1 is here, .5 is there, >>>>> etc.? >>>>> There are thousands of /26 networks available that are non-routing. >>>>> What about creating a new /26 out of 10.x.x.x and NAT it until you get >>>>> everyone moved? >>>>> >>>>> On 9/9/2011 5:34 PM, Bill Prince wrote: >>>>> >>>>>> >>>>>> We put up a new AP on a POP where we already have 6 operating APs. >>>>>> The plan is to split off about 25 existing subscribers on one of the old >>>>>> APs and put them on this new AP. >>>>>> >>>>>> So we have all the subs (about 50) in one /26 (x.y.x.0/26). The >>>>>> ones we're going to move I need to put on a separate subnet, as >>>>>> everything >>>>>> is different, but I don't have enough IPs in a completely different >>>>>> subnet >>>>>> to just move them over at the moment. >>>>>> >>>>>> Would there be an issue to create a new subnet (x.y.z.32/27), and move >>>>>> all the ones we want on the new AP to this subnet? This would overlap >>>>>> with >>>>>> the old subnet for the short time we're moving everyone. >>>>>> >>>>>> Then after they're moved, I'll take the old x.y.z.0/26 and change it >>>>>> to x.y.z.0/27. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> ______________________________**_________________ >>>> Mikrotik mailing list >>>> [email protected] >>>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik> >>>> >>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>>> RouterOS >>>> >>>> >>> ______________________________**_________________ >> Mikrotik mailing list >> [email protected] >> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik> >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> >> ______________________________**_________________ > Mikrotik mailing list > [email protected] > http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik> > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.butchevans.com/pipermail/mikrotik/attachments/20110913/0d059420/attachment.html> _______________________________________________ Mikrotik mailing list [email protected] http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
